Posted
by
kdawson
on Tuesday May 29, 2007 @05:09AM
from the simple-install-and-remove dept.

FishWithAHammer writes "As part of my Google Summer of Code project, I'm working with WinLibre to develop a Debian-like software download system for free/open source software on the Windows platform. My reasoning is that open source software suffers from poor presentation. Most computer laymen, even those aware of open source software, often don't have any idea how to go about looking for it, but would use it if it were easier to access. What I have proposed is both a Debian-style packaging mechanism (capable of using Windows Installer MSIs or not, as the user wishes) and a software 'catalog' that takes the best aspects of Synaptic and Linspire's Click-N-Run system. Seamless, simple installation and removal of programs in as straightforward a way as apt-get (there will be a command-line tool as well). I'm posting to Slashdot to get the ideas of you lot who, while you may not be the target audience, can certainly provide insights that can be of value." Read on for more of this reader's ideas and questions.

There are areas that I'm personally not familiar with, and while I have done some research I would like the opinions of Slashdotters on some others. While at first I intend to set it up so that WinLibre (and I) run only one repository, I am curious as to how this sort of tool could be most useful to network administrators. Customizable repositories will be available; the code will be under the GPL, after all, so it'd be a little hard for them not to be available.

I'm also interested in the ideas of those who might be in a position to roll together packages. I intend to package a number of open-source language interpreters with the core software to allow special pre- and post-install scripts, as well as removal scripts. C#Script, Perl, and Python are definites, as is a Cygwin sh interpreter. We will have some program requirements — chief among them that no registry changes may be made by the program — but some of them, I fear, will require some flexibility; some programs really do require a way to edit the registry, for example, and I am considering offering some sort of tracked way to make registry changes so they can be rolled back on uninstallation of the program.

I'd love to hear what Slashdotters think of this. Think of it as a wishlist, but you don't get any damn ponies.

That's great of course, but it's the community and a selection of packages with mutually consistent packaging metadata which make systems like Debian and their derivatives so popular. The packaging system itself is an enabling technology.

If GNU/Linux was the only operating system that had applications like Firefox, OpenOffice, VLC, and so on, I think it would be a much more attractive option than Windows is. Yet, we've ported some of our best applications to the proprietary Windows platform, and as a consequence of this there is less incentive for Windows users to become users of Free Software operating systems.

I'm not necessarily saying that these ports shouldn't take place, but I think we should be aware of the fact that porting a great application to Windows does lessen the incentive for Windows users to make the switch.

If the explicit goal of an application programmer was to move people to Linux, the ideal strategy would probably be as follows:

1. Port the application to Windows2. Get people addicted to it (that's the hardest part).3. Make sure that new developments are always available on Linux first (so that there's a real incentive to switch to Linux).4. At some time, introduce Linux-only features.5. After enough users have switched to Linux, drop Windows support.6. ???7. Profit!

(Sorry, the last two lines just had to come!:-))

Of course the problem with this plan is that starting from step 4 on, it's virtually impossible to do with FOSS: If you don't implement those features on Windows, likely someone else will do. And if you drop Windows support, probably someone else will take over (remember, as of step 2, it's a popular application).

why do we have to push Linux on people? I'm a massive Linux fan, but I use windows as my main desktop mainly due to games but I use a lot of open source tools on my windows machine. main two being audacity and Firefox and if I was forced to use linux as my main desktop because I couldn't get these apps on windows frankly would annoy me as much as Microsoft does with there windows only programs.

That type of mentally will do more damage to the open source movement then anything else.

why do we have to push Linux on people? I'm a massive Linux fan, but I use windows as my main desktop mainly due to games but I use a lot of open source tools on my windows machine. main two being audacity and Firefox.

Actually, this brings up a very good point. For some applications like Audacity, the preferred platform may actually be Linux, or more specifically, distros that are aimed at being a professional audio/video workstation like Ubuntu Studio, which includes a low-latency kernel tuned for A/V work and dozens of audio tools that are only available on *nix. Audacity may work on Windows, but I've used it on both platforms and I much prefer to work with it on a low-latency-optimized Linux setup, right beside applications like Ardour with a plugin architecture like JACK.

I don't suppose you want to cite evidence when making bold claims, but it usually is customary when attempting to convince people of your point of view. Blanket claims are almost never completely true or accurate, and I think blanketing Linux as better than Windows in all cases is a bit excessive. Sure, there'll always be those that think whatever they do must be the best thing around, but if you step back for a minute and really take a look the operating systems tend to compete fairly well. Sure, Linux

3. Make sure that new developments are always available on Linux first (so that there's a real incentive to switch to Linux).

In reality, it tends to work the other way around. Take the Amiga emulator, UAE, for instance. I think, among other meanings, the U once stood for Unix. Yet, most of the best features are in the Windows version now, and they're developed in a non-cross-platform manner, by people who don't care about OpenGL's standardisation over DirectX, etc. Same with other emulators, and probabl

Windows' shaky foundations constitute the main incentive for Windows users to make the switch. Finding on Linux the same FOSS applications you got accustomed with does just make the switch easier. I know it worked this way for my father, who now happily uses on Xubuntu the same Firefox, Thunderbird and OpenOffice he used on Windows. No equivalent for Symantec software, luckily!

We had OS9 Macs in my junior high, back when iMacs first came out.The cutting-edge iMacs that they got in during my 8th grade year were probably the worst advertising Apple could have hoped for. I'd bet that everyone who went through that school now has a strong bias against Macs.

They crashed way, way more often than win98 (not just the ones that were in computer labs being screwed around on by a few hundred students, I mean just-out-of-the-box ones issued to teachers) and performed like 2-3 year old (at t

I think part of the value in making sure there are lots of open source apps on Windows is the tie in factor, that is, it makes it a bit harder to segment Microsoft and Windows from open source programs. This has some advantages, if core Windows customers rely on certain open source apps it becomes much harder to attack the concept of open source itself. While it might be easy to say that certain apps or functions should be Linux only, this is a sure way to retard growth and won't actually help anything.It d

Yet, we've ported some of our best applications to the proprietary Windows platform, and as a consequence of this there is less incentive for Windows users to become users of Free Software operating systems.

This has been debunked before. it's easier to switch OS when you are still running familiar apps on top of it after the change. e.g. Firefox, Thunderbird.

If GNU/Linux was the only operating system that had applications like Firefox, OpenOffice, VLC, and so on, I think it would be a much more attractive option than Windows is. Yet, we've ported some of our best applications to the proprietary Windows platform, and as a consequence of this there is less incentive for Windows users to become users of Free Software operating systems.

"We've ported to Windows"? Who the heck are ya?

Firefox, based on the XUL platform, which from the very beginning was designed to be multi-platform.It has evolved from the proprietary Netscape before were also inherently multi-platform from the very start.

As for VLC, why exactly not having this one on Windows makes Linux any better. Can't Windows play Windows Media files? Does it lack a hundred of other players?

And I have another question for you: who do you think make products like Firefox popular. It's Windows users. The majority of people out there run Windows. It's when people started installing Firefox on their Windows machines, that the stats went up, and Firefox started to matter.

If Firefox never existed on Windows, do you think anyone but geeks would care for it? If you're thinking what answer might be, look no further from Konqueror: who the hell (but geeks) cared about this one browser which was only available on Linux, BEFORE Apple took their code and turned it in WebKit/Safari?

And will go further to say that Firefox and OOo have enjoyed this level of success (from Windows) BECAUSE users didn't have to wrestle with a bloody package-manager to get the software installed. Windows and Mac users always get the earliest access to the latest FOSS updates, while Linux users must wait for their repository to catch-up or learn how to fight with the package manager.In fact, Mozilla is so fed up with *nix package managers and umpteen different repositories, that they no longer even distribut

The idea is well understood and frequently restated but it is not realistic scenario.

Like someone said up in the thread, there is no way to prevent anyone porting nice OSS app to non-free OS. Therefore, users will virtually never feel the urge to switch over to Linux because of a "killer app(s)".

When (or if) massive switchover happens, it will be only because Microsoft tried to squeeze users too much and they found they lose nothing important if they switch.

In other words, blurring the border between the two by porting Free Software on proprietary platforms, making users gradually adapt to environment they would find in Linux, makes user migration to it more probable, in fact as probable as realistically possible. Side effect would be pushing the shareware producers out of the Windows market by pressure of irresistible competition, which in turn would decrease number of developers for that platform and at the same time force Microsoft to "deal with devil" and try to play nicer with FOSS side and users.

If I may be so free as to expand on this, by way of replying to my own post..The few features that Linux now has over Windows are going to be implemented on the world's most protected operating system sooner or later. Since MS does nothing without changing things a little and wrapping it up in patents, we have to be very wary of what happens to our beloved multiple desktops, packet managers + central/p2p software repositories and shells (and I'm sure people can think of others). In other words; has this w

Don't forget about updates, too. While a few apps like Firefox check for updates on their own, most don't, and even those which do are all inconsistent with each other.The desktop I use at work is a Windows one, as this is what all but one customers use -- so even though I spend a lot of time sshed to a real box, things like Firefox, Gimp, TortoiseSVN, etc, etc, are all win32 binaries. And having them keep up to date by a single command as opposed to visiting every single homepage once in a time would be

A package manager for Windows. That's great and all, but will I be able to get out of the install-reboot game every time I have to set up a new computer for someone? What benefits will this have over just doing a Google search for "Lua compiler" and comparing feature lists?I can see a lot of benefits for the developers, suck as skipping an installer altogether, but all the end-user can rely on is trial and error if there are ten programs under the same category and no detailed feature lists.

The reboots are required for two reasons. The first is that you are updating a library that a lot of applications use. If you update libc, for example, then you need to restart every C application, which generally means a reboot. In a lot of cases, you can get away with just restarting the affected applications.

The second reason is Windows-specific. On UNIX, you can delete a file that applications have open, and it will not actually be removed from the disk until the last application with an open handle for it exits. On Windows, you can't do this. On *NIX, if you want up upgrade libfoo.so, you can delete it and then install the new libfoo.so, and every running application that uses it will keep using the deleted version until you restart it. On Windows, if you want to upgrade foo.dll, then it will tell you that you can't delete foo.dll because it is in use. This is why Windows installers often tell you to quit all applications. The work-around for this is to add a little script that replaces the old foo.dll with the new one on the next reboot (before anyone has tried loading it) and then continues.

I don't know if the second problem is fixed on Windows - I haven't used it for four or so years - but even if it has there are probably a lot of people out there writing installers who don't know that it's fixed.

This could also improve the upgrade process which would help security a lot. E.g. how man people do manually upgrade all their manually installed applications? If you can just type "apt-get upgrade" people are much more likely to update and get security updates.

I would say the big thing that I would look for in such a product would be a consistent (or even better, non-existent) use/removal of registry entries. I have dealt with so many so-called "professionally" done software pieces that upon uninstallation would leave several dozen registry entries. This seems terribly unnecessary, and if the so-called apt-get method could circumvent the registry (much like the run from USB flash drive programs) altogether, or at least make it a sure-fire thing to remove, instead of wipe-and-pray.

Good on you for trying to better the system man, I wish you the best of luck!

If used correctly, Windows Installer packages are really the best choice for non-trivial packages. If you use windows installer packages correctly, then they can uninstall all the installed registry settings.Avoiding registry settings is very difficult if the applications are coded to store their settings in the registry. Most people do not realise however that you can move COM registration (ie HKCR/CLSID, HKCR/Interfaces, HKCR/TypeLib etc) out of the registry and into manifest files on XP/W2k3/Vista.

What you're talking about has little to do with the installation process, and much to do with the applications themselves: you're suggesting creating a configuration standard that doesn't use or depend upon the Registry, instead storing configuration and state data in something non-monolithic and independent like, oh I don't know, an INI or CONF file?It's hardly a new idea; in the past I'd toyed with trying to start a grassroots movement I called Windindin (Windows Data Independence Initiative), that would

"It's pretty easy to dump some keys from the Registry if you need to."

It's NOT easy, damned near impossible, if the OS is Windows NT/2K/XP/2003 and isn't bootable. Even if the file system and structure is fine and the Registry hive files are otherwise accessible, there's no means known to me that would allow extracting data from them.

I've had this happen to me more than once, where the OS got trashed, and I'd have rather just started from scratch, BUT I had a ton of customizations for apps and the OS burie

Is it really that hard to find open source software for Windows? I've never had a problem. Windows already has a decent way of installing and uninstalling software, so adding another way to do it, seperate from Windows's own, seems rather pointless, not to be rude.

I've installed software on many distros as well as Windows, and I just don't see why anything needs to be improved. It works just fine. Sure, it's different, but it's not any worse. If improvements need to be made, I don't think this is the way to do it. Fracturing the install process just leads to complications for end users, which is one of the areas where Free Software is far, far behind what Windows currently has;) Seriously, the notion that something is better so should be adopted alongside the m

"Windows already has a decent way of installing and uninstalling software"

Accepted does not mean decent.

Add/Remove really doesn't have anything to actually Add. And the Remove aspect of Add/Remove doesn't actually remove. Some programs go so far as to only remove the shortcuts and say "Uninstall Complete!", while others leave behind large swaths of registry entries and several MB of unnecessary files at C:\, Windows, Program Files, AppData, Local Data, Local Data\AppData (the other AppData, ugh) and a

Some programs go so far as to only remove the shortcuts and say "Uninstall Complete!", while others leave behind large swaths of registry entries and several MB of unnecessary files at C:\, Windows, Program Files, AppData, Local Data, Local Data\AppData (the other AppData, ugh) and anywhere else they please.

Your complaint boils down to "some people make bad packages", which occurs on Linux as well, and is just the nature of software to be imperfect. I cannot count the number of bugs or non-working setups I've tracked down to bad packages, and even better, in the Linux world fixing such a bug once doesn't make it go away - it'll be repeated in 3 months time by a different distribution.

But the real failure in Windows is a decent way to keep any number of applications up to date.

There really is a huge difference between "1. find the proper site to download one piece of software, 2. download it, 3. click install, 4. make sure the temp install file gets removed eventually, 5. maybe think about upgrading it once the next major version comes out", and having thousands of packages [wikipedia.org] available for install at a single click, with all of the dependencies and all complications already figured out for you, and where all upgrades are nearly automatic and pain-free.

I'll bite with a semi-redundant reply... The key difference between the two (for me) is Google. When I need to find a good $free windows program, I do a search, get a few reviews, and decide what I want. When I'm in the Synaptic (I think that's the name...) program, I'm faced with the 'what the hell does that one do' issue - there's no information about the program. When I shop for a book, I'd like to be able to look at the dust jacket teaser ALONG with the title, because in the end titles (and program

apt-get and friends are far, far better than Window's add/remove system. They track dependencies, so when you install "rails", for example, it will automatically install apache, mysql, ruby, all the various connectors, configure them and link them all together. This is especially useful for development. Setting up a complex build environment on Windows can be nightmarish. My project uses 10 - 15 sub-libraries and downloading working and compatible versions of all the dependencies can take a whole day. This is a one-click operation with a package manager.

They all handle updates as well, so you have a central place to keep all your entire system patched. For example, when a vulnerability is discovered in a core library (libz, or linpng have been recent examples), you need to go through your system checkiing that every application which uses one of these libraries is updated. This is almost impossible on Windows, but automatic on systems with package managers.

Well, I guess you use your computer differently than I do. I set up my machines in minutes, spending more time editing config files for use on a machine than downloading and configuring each piece of software to work with others. The overhead is actually using the software, not simply getting it. This isn't really anything to do with "Add/remove software", as you don't use that to add software. It's all done via MSI packages, just by double-clicking them. Or simply downloading an archive and dropping i

For user-specified (or multiple fallback) repositories, you need nothing more complex than reading your
base path(s) from a config file. Prepend that address to every file you download, and it will all go
well.

For the bigger project, basically you just need a set of per-package install/uninstall scripts that check for dependancies
(or no-longer-needed dependancies on uninstall), do their thing, and write themselves to a standardized catalog
of installed software. Whether or not you can adapt Windows' list of such software, and the MSI interface in
general, to your needs, I can't say offhand. I would think you can at least list the package therein,
but I don't think that handles dependancy information quite as elegantly as you would want.

I see the biggest problem you'll have as coming from the poor regression testing done for Windows ports
of FOSS - You may well need multiple (version-specific) instances of some dependancies installed at the
same time, for different packages that use "working until version 2.8.10.4" features (or more of a
nightmare, "working until KB935356").

Overall, I wish you luck with this. I think the Windows world has needed something like apt-get (with a
mind-numbingly simple GUI) for a loooooong time.

Uhh, lets see now. With a linux type package manager I could:-Actually install MySQL, PHP and Apache easily without having to use a third party package that holds them all. Yeah, windows is sure free of dependencies. Just great especially when your programs are inherently dependent on each other, oh wait no its a pain in the ass.-Download whatever packages I need without needing to deal with searching the web for the place to download this from. The whole find, download install file, run install file thing gets annoying pretty quickly. Especially when you have a bunch of software to download.-Queue uninstalls, god damn do I hate the fucking windows uninstaller where you need to uninstall, wait,uninstall next item. Thats not even counting how it fucking breaks in one way or another after a while on most systems I've used.

That packages provide functionality. This is already done in the form of virtual packages like web-browser, but I'd like to go further.

For example, the current system is that OO Writer and KWord are in the "word processor" category. But what if I want something that can open AmiPro documents? What options do I have there? That's generally not included anywhere in the package's description.

I found this weird.pcx file, and have no clue what is it, what can I open it with?

Or, what music player has the ability of playing.s3m files?

What mail clients can I choose from if I'd like both NNTP and IMAP support?

What programs are available that do some function that is related to an HP nx5000 laptop? (this would match programs controlling LCD brightness, support for the onboard bluetooth, etc)

My reasoning is that open source software suffers from poor presentation.

Definitely true. Part of the reason is that programmers often just like to program, not make things easier for the user. Writing a manual and making things easy can take 90% of the development time.

The reason is also partly, in my experience, that free software developers listen way too much to the few, vocal power users who want all kinds of special adaptations and options, rather than finding out what the great majority of users actually need and want. The result is often over-complicated user interfaces, and hard to maintain code because of all the codepaths added to accomodate the hard to satisfy wants of some power users. Once the interface becomes hard to use, the ordinary, quiet users turn to other programs, and power users become even more dominating, leading to a vicious circle of program sectarianism.

It is not only the programmers' fault, though. Far too few users bother to suggest interface simplification,or even know how to advocate it. Merely complaining will not work - developers need to be shown that it can be done, and how, by means of mock-ups or illustrations. A few innovative user interface interested users could do wonders for many projects simply by drawing new user interfaces and submitting them to various free software projects, asking if they are interested in going a few rounds of design iterations with them. Often an outside eye, and interest in doing some adapting from both sides, is all that is needed.

'Making it easy' takes a -lot- less time if it's planned from the start, for most projects. And the 'manual' for open source software doesn't have to look like the manual for professional software.I wrote a mesh conversion utility once. It was used by thousands of people and my 'manual' (web-based tutorial, with screenshots) was so good that nobody ever asked me how to use the app except when there was a bug. I got plenty of praise on my tutorial as well. The tutorial probably took a couple hours to pre

There is a mechanism for doing this kind of thing already in Windows, via Add/Remove programs and Group Policy. Surely it would be a good idea to try and re-use this rather than re-inventing the wheel.

How will this cope with Vista and it's increased security? I'm all for this as an idea but it would be a shame if it takes a couple of years to get up and running but by then Vista is mainstream and, for whatever reason (FUD?), breaks compatibility with the packaging system.

I hope you're planning on making it interoperate with the cygwin packaging system. Cygwin's a great piece of software which is, IMO, let down by its obscure and difficult-to-use setup program. A new, friendlier way of installing and updating cygwin components would be a great asset. And if it worked with other OSS stuff as well, that would be a huge asset.

One thing I would suggest is that you make it easy for somebody to package a standalone.exe that doesn't require your system, but which can interoperate with your system easily -- perhaps by having a version of your system that can wrap up a package with a copy of the relevant parts of itself in a.exe file.

system. Cygwin's a great piece of software which is, IMO, let down by its obscure and difficult-to-use setup program. A new, friendlier way of installing and updating cygwin components would be a great asset.

Cywin's setup.exe is a PIA, but hardly unfriendly. It behaves in much the same way as most GUI programs. Short of writing a "wizard", I don't see how it could it made more friendly. Where the setup.exe approach fails is that on the front end, it's not command-line driven, and the backend, well, there

We use it at work and it appears to work fairly well. Although I don't know for sure, as I'm not the PC admin and I don't run a Windows desktop:)
I just get to hear him saying how much easier it is to manage the PCs with it.

wpkg is one of the inspirations I had for this project, but I find it to be lacking in some respects. I hate to say it, but it seems too much like dpkg, and doesn't really fit itself all that well into the Windows space.

Superficially, this seems an interesting project. I think, though, the problems with managing open source software on Windows are going to be very different to those on Linux: possibly to the point where what you can achieve will be limited.

The first issue that occurs to me immediately is that Windows has no single suitable native package management system that you can hook onto. Because of this, program installations tend either to (i) include whatever prerequisites they need and check whether their installation is necessary; or (ii) list the prerequisites in the installation instructions and leave it up to the user to ensure they are satisfied. Now, you might say that the whole point of the project is to resolve this, but I think you are going to run into licensing problems when you try. Let's say a particular open source product relies on.NET Framework 2. Are you then going to include.NET Framework 2 in your repository? Are you going to download it from Microsoft, using Microsoft's Download Center as a kind of adjunct repository? Are you going to talk to Microsoft to see if they will cooperate in working out a solution? This seems hard.

I do think that a single starting point for finding quality open source solutions on Windows has merit. Right now there is a bewildering mass of products out there, and no easy way of sifting the gems from the dross. If nothing else, you might be able to provide a good menu of open source products that are deemed worthy of consideration.

The OP is not reinventing the wheel WRT an installer, but a way to get those packaged msis to the end-user in a easier-to-use fashion.

The OP should have a look at Wix (on sourceforge), which was MS's very first foray in to the world of open source. Its a XML-based msi creation tool. It may not help the package manager but will provide the tools for OSS developers to create msi packages (especially if you provide easy-to-modify simple packages) ready to slot into your manager.

I thought this too.But MSI doesn't do what the Linux/BSD packagers do. These packagers work by tracking every single file or update done to the entire system. Then they track dependencies between files and packages. They store all this in a database format, which allows you to ask questions like "what is every package that uses MSVCRT71.DLL? And "what will break if I update package GIF_VIEWER from version 1.0 to version 1.1?" They also manage side-by-side installs, provide a central repository for searching for packages and upgrades, and provide a safe digitally signed repository for applications.

This is one of the killer features of Linux that I miss on Windows. But I suspect it won't work for the same reasons it doesn't work on Linux. It's only useful if 100% of the applications use it. If any one of them doesn't, then the whole system can come crumbling down. But basically, it is a fix to DLL hell, so it can't make things on Windows any worse.

On a note of MSI, MSI may seem to do the above, but it doesn't. It's a packaging format, and it allows for install and rollback much like the Linux packaging systems do. But most of the time it is unrealistic to expect the repair/rollback/uninstall features to actually work. I've worked at a few companies who have made MSIs, and generally you take some other EXE or script-based installer, then you wrap it in an MSI and say you are done. You rarely use the actual MSI features because they are too complicated and the tools don't generall support them. And Windows installs are full of kluges like editing a registry key here, adding a shell extension there, etc. Things generally don't fit into the nicely packaged mentality.

Because MSI doesn't support automatic dependency resolution, would be the major reason. A simple wrapper around MSI would be the ideal way of achieving this goal, but MSI alone doesn't provide the kind of feature set we've grown used to in the Linux world.

One of the really annoying habits of windows programmers is to put dozens of different entries in the start menu: the readme, uninstall procedure, another readme, a seperate update routine and - very important - a link to the developers web page.

Could you introduce a debian-like menu, where each program has exactly one entry and is in the right category?

One thing I think shopuld be considered from the beginning is how to handle multiple archives, which may be independently maintained. Sure, the basic operation is simple: You add a new URL to the list of archives to search, and then you can see the contents of those archives. However that's not all there is to archives:

1. How do you find additional repositories?2. How do you find out if a given repository is trustworthy?3. What to do if several repositories contain packages for the same application or library?4. What about version inconsistencies?

Points 1 and 2 can IMHO be (mostly) solved together through a "repository web": Repositories not only contain packages, but also links to other repositories. Those links should also be rated, so you get a web of trust for repositories: You can mark several "root repositories" as trusted or untrusted (those settings should, of course, be user-changeable). Then trust would "propagate" through links marked as trusted, or "anti-propagate" through mistrust-links. One could even imagine "repository hubs", repositories which don't contain files, but only links to other repositories together with trust ratings. It might also be a good idea to have several trust ratings for the contained files, and for the contained links (after all, you can well imagine an excellent file repository where the maintainer isn't able to accurately rank the trust on inter-repository links).

For points 3 and 4 I don't have a suggestion right now, but they definitely should be considered (note that separately maintained repositories will almost certainly cause inconsistencies at some point).

Of course you can just pretend that there will always be only one repository, or that all repository providers will work together to avoid inconsistencies, but I think that's not really a good idea. Additional independent repositories will eventually come (assuming the project is a success), and therefore the problems caused by those should definitively be anticipated, even if originally there's only one repository.

and are objecting to points already covered. I think this is a good idea, though it would need support from the developers to keep the repositories working, and they would object because removing the need to navigate to the sites will remove having to work through the requests for help and funding. Now if you could fix that - so that as you install xxx.msi, a request and info page opens in a pane, that might be a good feature.

It's a stealth feature. Get people installing applications that way, because then the Linux desktop will be more familiar.

Something really is needed. I keep coming across people who really need no more than Wordpad who are buying Office because they think they have to. I recently came across a guy who has bought Office 2007 and writes nothing but letters and the odd email. He thought that somehow saving his letter to Auntie Flo in Office 2007 format (docx) was "better" than saving it in Office 2000.doc, right up to the point she couldn't open it as an email attachment and he had to "downgrade" his document. Microsoft is exploiting numskulls like that. (I'm only jealous of course - I'd love a list of 100 or so gullible people with money but, as I'm not a corporation with deep pockets, I might get into trouble.)

These people don't know OOo exists, and even if they did would never be able to find it. But a simple little packager that has a "Top picks" with something like "Open Office 2 - for all your home office needs" and a "click here to install" button - well, at least we'd be trying.

An apt-get equivalent for windows would be a very cool thing, I hope you succeed.

You might want to reconsider the decision not to use MSI as a back-end. I am not familiar with the details of the technology, but some of the supported features are command-line and GUI installs, and administrative network installs. And if you don't already know, Microsoft has released some open-source (!) tools for generating MSI packages: http://wix.sourceforge.net/ [sourceforge.net]

I have lots of applications, both OSS and commercial, that have some kind of update system built in - the application checks for an update when you start it, for instance, or when you select the option from the help menu. In fact it is getting to the stage where practically every app. has this.

What I would like to see is a single open method of doing this which could work for all applications (so even commercial software providers could opt into it if they wanted), which would be simple and secure. It would be great to have a single application open that ran at start-up that said: "The following applications have updates available:" and then lists the applications, and two buttons "Update all" and "Advanced" which would allow you to see details about the updates and select just the ones you want.

For instance on my Mac I have:

1) The Official Apple "Software update" that updates OSX and Apple Apps.2) The Adobe updater for Photoshop, Dreamweaver etc.3) The Firefox/Thunderbird updater4) Dozens of updaters for individual apps like TextMate and OSS software5) Updaters for OSS packages (Fink/darwinports)(Yes, I know about the App Update widget but that only addresses part of the problem, and it does not provide a technical solution that can be used across platforms and projects).

And on Windows, I have the same kind of mess of updaters.

I'm sure there could be a simple, elegant technical solution for this, a kind of RSS-type standard for application updates - you could then choose your prefered updater just as you can now choose your preferred RSS reader.

I use Cygwin [cygwin.com] daily at work, as I cannot dual-boot to Linux. It is more than enough for my work, but for the general public, it's packaging system is sadly lacking in bells and whistles, and the available library is way short of your objective.

No, it would be a wonderful thing, although I don't think it'll fly.On Windows one of the most annoying things that that things install themselves -- which gives them full control over what goes where, up to modifying obscure registry settings and overwriting files. That means you can never be sure you can uninstall something.

Package managers solve that: When I install say, kword it doesn't install itself. The package manager knows exactly what went where and can remove it. KWord itself runs as a normal use

Packaging is a band aid on deeper problems with library incompatibility problems, the braindead scattering of software files all over the file system, and the completely pointless minor differences in Linux distributions.

Unlike you I value my time and wasting it on pointless activity doesn't appeal to me. To download an open source program now I need to google for a program, check which website is the right one, following a redirect to a working site, find+click the link to the download section, find+click the windows download link, find the newest version to download, click "yes I want to download you nitwit" and then select a mirror. Possibly at some point I will be told "we're sorry there is no windows version except in

I'll give you dependency hell, but linux scattering files all over the file system? I think not.

In Linux/Unix, you have a set of prefixes (/,/usr,/usr/local, sometimes/opt/kde and/opt/gnome) and directories within each of those (bin, doc, etc, man, sbin, share). If the software doesn't have special needs (e.g. a database, the kind of thing users don't install), you know exactly where crap goes: Binaries are in prefix/bin, libraries are in prefix/lib, images and whatnot go in prefix/share/appname/. Wh

In the french version of the page it is a little bit more clear: "En raison de l'adoption de la loi DADVSI, OVH nous demande de retirer les liens BitTorrent, bien qu'ils soient légaux. Les liens suivants sont donc désactivés..." what could be translated in "Due to the French DADVSI law, OVH asked us to delete all BitTorrents links, although they are legal. The next links are then deactivated...".It is just OVH (a web hosting company) who has shit in their pants with the DADVSI law and asked e

windows has had code signing since like prehistoric times. MSIs, EXEs and DLLs can ( and should ) be digitally signed. I'd let the thing download and install the stuff which has a signature that verifies up to a given root certificate fingerprint.
PKI is there to be used.

I think they actually do: both Mac and Windows users like automatic updates. Furthermore, there's a strong argument to be made that a good way to get Mac and Windows users to switch to open source operating systems is to get them interested in open source desktop applications first. And a simple delivery mechanism for those desktop applications greatly h